Solved

ASP Sessions Being Cleared/Modified

Posted on 2016-08-20
6
61 Views
Last Modified: 2016-08-26
Hi there,

I have a website using classic ASP and it currently uses a lot of session variables to keep track of what is being done on several pages.  At one point, I redirect my website to PayPal to process a payment and then get PayPal to redirect back to my website.  For some reason though, it appears that the session variables get cleared/modified when the redirection to my website occurs.  Is there any reason for this?  I need to ensure these variables stay in place in the browser until the user either logs out of my website or closes the browser.  Any suggestions??

Thank you,
- Christian
0
Comment
Question by:Christian Palacios
  • 3
  • 2
6 Comments
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 41763795
Are you using 'https' for the pages both before and after connecting to Paypal?
0
 

Author Comment

by:Christian Palacios
ID: 41763815
No, my website doesn't use HTTPS.  Is that clearing my sessions?
0
 
LVL 83

Accepted Solution

by:
Dave Baldwin earned 350 total points
ID: 41763838
Switching from 'http' to 'https' can have side effects like that.  Browsers don't carry the session data, only the cookie that identifies the session.  I would look at the cookies before and after the Paypal pages to see if they are changing.
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 

Author Comment

by:Christian Palacios
ID: 41763843
Thank you.  I understand you have to enable cookies in your browser first.  Do all browsers have cookies turned off by default?  Do you have a way to check if a browser's cookies are disabled so I can check that?

Thanks!!
0
 
LVL 52

Assisted Solution

by:Scott Fell, EE MVE
Scott Fell,  EE MVE earned 150 total points
ID: 41763862
Change your session variables to cookies and that will solve this issue and others.  Sessions in asp are in memory.  If RAM max's out, the worker process crashes and resets sessions.  If you set cookies, your app will be more stable as far as being able to track a person when they leave and come back.

I have an article on using cookies for log in, then tracking those cookies in your database.  This opens up the doors to a lot more possibility.  https://www.experts-exchange.com/articles/18259/User-Log-In-Using-A-Token.html

It should be very easy to move from session http://www.w3schools.com/asp/asp_sessions.asp to cookies http://www.w3schools.com/asp/asp_cookies.asp.   You only need to change session("something") = "abc" to response.cookies("something")="abc" to set and to get change  var1 = session("something") to var1 = request.cookies("something")
0
 

Author Closing Comment

by:Christian Palacios
ID: 41772156
Thank you for your help!  Switching to cookies solved my problem!
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Using an internet kiosk - security precautions 6 44
Need help to rewrite script 3 62
Who uses Outlook dot com for e-mail (the former Hotmail) 19 68
Paypal 502 Error 3 63
I was asked about the differences between classic ASP and ASP.NET, so let me put them down here, for reference: Let's make the introductions... Classic ASP was launched by Microsoft in 1998 and dynamically generate web pages upon user interact…
Now-a-days, indirectly, postal services have been replaced by email services. Yes, whenever we hear the word "email" a lot of people only think of gmail. Some people still think that email and gmail are one and the same thing :-). Let's see some …
This Micro Tutorial will demonstrate how to add subdomains to your content reports. This can be very importing in having a site with multiple subdomains.
Shows how to create a shortcut to site-search Experts Exchange using Google in the Chrome browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch the Search Engine Menu: In chrome, via you…

929 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now